busybox.advisories.yaml
schema-version: 2.0.1

package:
  name: busybox

advisories:
  - id: CGA-c95q-245j-h3hq
    aliases:
      - CVE-2022-28391
      - GHSA-h8c3-8522-vxc6
    events:
      - timestamp: 2022-10-11T20:37:21Z
        type: fixed
        data:
          fixed-version: 1.35.0-r3

  - id: CGA-mv94-rqj7-28m3
    aliases:
      - CVE-2022-30065
      - GHSA-gq73-rh3m-3php
    events:
      - timestamp: 2022-10-11T20:37:21Z
        type: fixed
        data:
          fixed-version: 1.35.0-r3

  - id: CGA-hvw2-h6f5-9mc9
    aliases:
      - CVE-2023-42363
      - GHSA-wm78-9prw-c5h4
    events:
      - timestamp: 2023-12-03T21:21:00Z
        type: false-positive-determination
        data:
          type: inline-mitigations-exist
          note: This vulnerability is a use-after-free that requires a specific Busybox configuration flag "CONFIG_FEATURE_CLEAN_UP" set to trigger. We don't use that configuration flag, so the free logic isn't called.
      - timestamp: 2023-12-04T23:49:28Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-in-execution-path
          note: This vulnerability is a use-after-free that requires a specific Busybox configuration flag "CONFIG_FEATURE_CLEAN_UP" set to trigger. We don't use that configuration flag, so the free logic isn't called

  - id: CGA-9hx4-xv8g-ff86
    aliases:
      - CVE-2023-42364
      - GHSA-qqqj-6rp2-5pw4
    events:
      - timestamp: 2023-12-03T21:23:52Z
        type: false-positive-determination
        data:
          type: inline-mitigations-exist
          note: This vulnerability is a use-after-free that requires a specific Busybox configuration flag "CONFIG_FEATURE_CLEAN_UP" set to trigger. We don't use that configuration flag, so the free logic isn't called.
      - timestamp: 2023-12-04T23:49:53Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-in-execution-path
          note: This vulnerability is a use-after-free that requires a specific Busybox configuration flag "CONFIG_FEATURE_CLEAN_UP" set to trigger. We don't use that configuration flag, so the free logic isn't called

  - id: CGA-g7mm-g5xj-h3mq
    aliases:
      - CVE-2023-42365
      - GHSA-j44g-3846-7q49
    events:
      - timestamp: 2023-12-04T23:48:37Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-in-execution-path
          note: This vulnerability is a use-after-free that requires a specific Busybox configuration flag "CONFIG_FEATURE_CLEAN_UP" set to trigger. We don't use that configuration flag, so the free logic isn't called

  - id: CGA-g9rc-hhpx-6g59
    aliases:
      - CVE-2023-42366
      - GHSA-2vjj-r39q-gvxr
    events:
      - timestamp: 2023-12-03T21:22:59Z
        type: false-positive-determination
        data:
          type: inline-mitigations-exist
          note: This vulnerability is a use-after-free that requires a specific Busybox configuration flag "CONFIG_FEATURE_CLEAN_UP" set to trigger. We don't use that configuration flag, so the free logic isn't called.
      - timestamp: 2023-12-04T23:50:07Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-in-execution-path
          note: This vulnerability is a use-after-free that requires a specific Busybox configuration flag "CONFIG_FEATURE_CLEAN_UP" set to trigger. We don't use that configuration flag, so the free logic isn't called